Publications

Publications, Presentations, and Workshops about CASE.

Title Description Type Source Date Published
Leveraging CybOX to Standardize Representation and Exchange of Digital Forensic Information Origins of CASE from the Digital Forensic Analysis eXpression (DFAX) are provided at DFRWS EU 2015. Presentation DFRWS EU 2015-03-23
Leveraging CybOX to Standardize Representation and Exchange of Digital Forensic Information This work summarizes the strengths and weaknesses of prior schemas, and defines an open-source schema called DFAX and underlying UCO ontology for representing and exchanging digital forensic information. Publication Digital Investigation Journal 2015-03-01
Using Standardization and Ontology to Enhance Data Protection and Intelligent Analysis of Electronic Evidence CASE includes data marking to support restricting access to privileged, proprietary, and personal in criminal and civil matters, controlling disclosure of information in regulatory compliance inquiries, and enable vendors to restrict use of data that is covered under license agreements. Presentation International Conference on Artificial Intellgience 2017-06-12
Pulling It Together Enabling Interoperability of Digital Forensic Systems Using a Standard Representation and Supporting API Presentation DFRWS 2017-08-06
The Evolution of Expressing and Exchanging Cyber-Investigation Information in a Standardized Form The CASE specification language and UCO ontology are a rational progression from the foundational work on Digital Forensic Analysis eXpression (DFAX). Publication Handling and Exchanging Electronic Evidence Across Europe 2018-06-27
Pulling It Together Enabling Interoperability of Digital Forensic Systems Using a Standard Representation and Supporting API Presentation EU Evidence Project 2016-09-29
Advancing coordinated cyber-investigations and tool interoperability using a community developed specification language The foundations of CASE are provided in "Advancing coordinated cyber-investigations and tool interoperability using a community developed specification language," Journal of Digital Investigation (Issue 22, Sept 2017). Publication Digital Investigation Journal 2017-09-22
Corrigendum to ‘Advancing coordinated cyber-investigations and tool interoperability using a community developed specification language’ This corrigendum addresses several corrections, clarifications, and updates to the JSON CASE example provided in this paper. Publication Digital Investigation Journal 2018-11-28
Standardization of file recovery classification and authentication In digital forensic investigations, the notions of "recovered content" versus "deleted content" can be more specifically expressed as various degrees of recoverability. Publication Digital Investigation Journal 2019-07-20
Discovery of digital forensic dataset characteristics with CASE-Corpora We present CASE-Corpora, a community index of available forensic reference and training datasets. Presentation DFRWS USA 2022-07-11
The Discovery of Digital Forensic Dataset Characteristics With CASE-Corpora We present CASE-Corpora, a community index of available forensic reference and training datasets. Presentation American Academy of Forensic Sciences 2023-02-17
Cataloguing Software Ecosystems with swid-reg This presentation describes software indexing challenges and provenance. Presentation Software Supply Chain Assurance Forum 2023-09-13
Provenience-Based Cross-Verification of Digital Forensic Artifacts Applied to NTFS This presentation will demonstrate a methodology for comparing the subject data exploratory coverage of two digital forensic processes that share some in-common goals in their reporting. Presentation American Academy of Forensic Sciences 2024-02-23
An abstract model for digital forensic analysis tools – A foundation for systematic error mitigation analysis As automation within digital forensic tools becomes more advanced there is a need for a systematic approach to ensure the validity, reliability, and standardization of digital forensic results. This paper argues for intermediate output in a standardized format within digital forensic tools to allow a methodical approach to tool validation that targets errors at each stage of processing. Publication DFRWS EU 2024-03-17
Interoperability Efforts in the Cyber Domain Ontology This work presents mechanisms for concept refinement and knowledge expansion through interfacing with multiple independent ontologies. Presentation Semantic Shields: International Workshop on Modeling for Cybersecurity 2024-07-16
SOLVE-IT: A proposed digital forensic knowledge base inspired by MITRE ATT&CK This work presents SOLVE-IT (Systematic Objective-based Listing of Various Established (Digital) Investigation Techniques), a digital forensics knowledge base inspired by the MITRE ATT&CK cybersecurity resource. Publication DFRWS EU 2025-03-30